Windows NT Based Web Security COSC 573 By: Ying Li Basic Concepts of Windows NT • Advantages – User-friendly graphic front end – Point-and-click configuration – Excellent software development tools • Disadvantages – Relative newcomer to the Internet – A variety of security problems Basic Concepts of Windows NT • Windows NT Server vs. NT Workstation – Windows NT Server: • More expensive • has complete functionality • can coordinate the activities of other machines, provide remote access services, run Windows name resolution, and host the Internet Information Server Basic Concepts of Windows NT (cont’) – Windows NT Workstation • a water-down version of the Server product • with most of the server functions disabled – Microsoft Internet Information Server runs only on NT Server – However, Web servers from other vendors run with the Workstation version of operating system, as well From the point of view of system security, the main difference between the two flavors is that NT Workstation comes with an undesirably permissive configuration, while NT Server is stricter. Windows NT Security Risks In theory, the Windows NT system of access control lists, domains, and trust relationships provides a high level of security. In practice, many NT server on the Internet are not secure. How can this be? Widespread Misconfiguration Problems • An out-of-the-box Windows NT Workstation installation is not secure. – Most of the system’s files and directories are read/write by Everyone, which means that any local user can tamper with the system to his heart’s content. – Because of the strange properties of the built-in Everyone group, there are a variety of ways for unidentified Internet users to view and /or alter the system, as well. Widespread Misconfiguration Problems (Cont’) • Windows NT Server, in contrast, has a more reasonable set of default permissions when first installed. • However, it still contains gaps in its configuration that allow for unwanted mischief. • In practice, many Windows NT Servers are not installed from scratch but are upgraded from previous versions of Windows NT or from Windows 95. In such cases, the access control lists are probably at their least restrictive setting. Widespread Misconfiguration Problems (Cont’) • An Additional problem for Windows NT: Windows NT actually supports two different file systems: FAT and NTFS. Only NTFS provides access control lists. Machines that use an FAT file system have no file protection. Vulnerability to NetBIOS Attacks • Concept: Windows NT uses a family of networking protocols, known collectively as “NetBIOS,” to provide Windows file sharing, network printing, and remote system administration • NetBIOS is network-independent. However, NetBIOS was designed with a local area network in mind, not large networks like the Internet. • For this reason, it has certain vulnerabilities. NetBIOS Vulnerability • Information leakage – NetBIOS will advertise information about a system’s shared volumes, workgroup name, domain name and machine name without requiring the remote machine or user to authenticate • Client-Controlled fallback to weaker authentication – In order to be compatible with less-capable operating systems, such as Windows for Workgroups, and Windows 95, NetBIOS will fall back to weaker authentication when a remote client requests it. • Anonymous log-in – NetBIOS allows a limited form of anonymous, unauthenticated log-in. Designed to allow machines on the local area network to exchange information about themselves, this loophole has been used by would-be intruders to gain access to sensitive parts of the system, such as the registry. Securing a Windows NT Web Server 1 Apply all service patches 2 Fix the file system permissions 3 Fix the registry access permissions 4 Remove or disable all extraneous network services 5 Add the minimum number of user accounts necessary to maintain the server 6 Install the server software and adjust file and directory permissions to restrict unnecessary access 7 Remove or disable unnecessary Web server features, CGI scripts, and extensions 8 Monitor system and server log files Apply All Service Packs and Updates • Microsoft releases operating system patches called “service packs” at regular intervals • These service packs contain patches for known security holes in the operating system, as well as other bug fixes and feature enhancements • Back up your system if it has any valuable data on it Fix the File System and Registry Permissions • After applying operating system patches, the next step is to check and adjust the file system and registry permissions • To get the benefit of file system permissions, you must have formatted Windows NT disk partition as NTFS • For fixing the file system, you should log into the system as Administrator and use the Properties -> Security -> Permissions window to change the access control lists • For fixing the registry, like the file system, the keys and values of the Windows registry are protected by access control lists An Example • Directory C:\WINNT\PROFILES\DEFAULT_USER C:\WINNT\PROFILES\ALL_USERS Owner Administrator Change contents too Files and subdirectories Administrators Full control SYSTEM Full control Users Read Rationale: These two directories contain common preferences shared by all users. Users can view the defaults but not change them User Rights Policies • The Windows NT User Manager program establishes certain global user rights. Some of the rights on a default installation are inappropriate for Web server machines; others are simply accident prone. To change these rights, select Policies-> User Rights… in the User Manager program to bring up the User Rights Policy Install Web Server Software • If the software isn’t already preinstalled, go ahead and install it by running whatever install program the vendor provides. • The main task at this point is to tune the directory permissions so that authorized users can make changes to the Web tree without having to become full administrator to do so Turn off Unnecessary Features • Microsoft IIS and other servers support a few optional features that potentially can be used by unscrupulous individuals to gain information about your system. Unless you really need these features, you should turn them off. – Directory Browsing – Read-Access to the Scripts Directory – Execute-Access to Non-Scripts Directories – Active Server Pages Monitor the Web Server and Event Logs • Both the Web server and Windows NT itself are capable of performing extensive logging. Although the Web server logs are turned on by default, NT event logging (“auditing”) is turned off. It is recommended to enable it. Create a Backup System • A recent and complete system-wide backup is essential for recovering from a break-in • Even if your system isn’t broken into, a backup will allow you to recover from disasters, ranging from hard disk crash to the accidental deletion of an essential file ?
Pages to are hidden for
"NT Based Web Security"Please download to view full document